Re: DNS honeypots?Mar 03 2010 02:38PM Jason Lewis (jlewis packetnexus com) (1 replies)
Slightly related, I was wondering what might happen if I made every
query to the honeypot resolve back to the honeypot?
On Wed, Mar 3, 2010 at 9:20 AM, Brent Huston <lbhlists (at) gmail (dot) com [email concealed]> wrote:
> One of the tactics our clients use is that they stand up one of our HoneyPoint Agents on a decoy box and then send all malicious and failed queries to that IP address. The HoneyPoint Agent then absorbs the traffic for analysis.
>
> You can find a little bit about it from one of our customers here, they wrote it up with us: http://hurl.ws/cbhp
>
> Let me know if that helps!
>
> On Mar 2, 2010, at 4:00 PM, Jason Lewis wrote:
>
>> Anyone have any pointers to dns honeypots or maybe just BIND
>> configurations that would allow logging of malicious queries without
>> actually executing them?
>
>
query to the honeypot resolve back to the honeypot?
On Wed, Mar 3, 2010 at 9:20 AM, Brent Huston <lbhlists (at) gmail (dot) com [email concealed]> wrote:
> One of the tactics our clients use is that they stand up one of our HoneyPoint Agents on a decoy box and then send all malicious and failed queries to that IP address. The HoneyPoint Agent then absorbs the traffic for analysis.
>
> You can find a little bit about it from one of our customers here, they wrote it up with us: http://hurl.ws/cbhp
>
> Let me know if that helps!
>
> On Mar 2, 2010, at 4:00 PM, Jason Lewis wrote:
>
>> Anyone have any pointers to dns honeypots or maybe just BIND
>> configurations that would allow logging of malicious queries without
>> actually executing them?
>
>
[ reply ]